<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="margin:0px;background-color:rgb(255, 255, 255);display:inline !important">VCs would be encoded using the rules in the VC spec - either in JWT format or JSON-LD format. These encoded VCs could then be passed as parameters as JWT claims. </span>I
believe that people are using all four standard representations of Verifiable Credential objects (vp_jwt, vp_ld, vc_jwt, vc_ld) with JWTs (such as ID tokens) and sets of JSON claims (such as UserInfo Endpoint responses). To
<span style="background-color:rgb(255, 255, 255);display:inline !important">promote interoperability, i</span>t seems better to have standard claims that allow people to use the representations they choose rather than to have everyone do the same thing slightly
differently. </div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Kristina</div>
<div id="appendonsend"></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> nadalin@prodigy.net <nadalin@prodigy.net><br>
<b>Sent:</b> April 8, 2021 11:06<br>
<b>To:</b> Kristina Yasuda <Kristina.Yasuda@microsoft.com>; 'Artifact Binding/Connect Working Group' <openid-specs-ab@lists.openid.net><br>
<b>CC:</b> oliver.terbu@mesh.xyz <oliver.terbu@mesh.xyz><br>
<b>Subject:</b> RE: [Openid-specs-ab] Defining JWT Claims to represent W3C Verifiable Credentials objects</font>
<div> </div>
</div>
<div lang="EN-US" style="word-wrap:break-word">
<div class="x_WordSection1">
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<span style="font-size:11.0pt; font-family:"Calibri",sans-serif">Not quite the case as there are specific rules for encoding and decoding JWT in the verifiable credential specification and how to process certain JWT claims iss, aud, etc. So I’m still confused
what you are trying to accomplish.</span></p>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<span style="font-size:11.0pt; font-family:"Calibri",sans-serif"> </span></p>
<div>
<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0in 0in 0in">
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<b><span style="font-size:11.0pt; font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt; font-family:"Calibri",sans-serif"> Kristina Yasuda <Kristina.Yasuda@microsoft.com>
<br>
<b>Sent:</b> Wednesday, April 7, 2021 6:53 PM<br>
<b>To:</b> Artifact Binding/Connect Working Group <openid-specs-ab@lists.openid.net><br>
<b>Cc:</b> Anthony Nadalin <nadalin@prodigy.net>; oliver.terbu@mesh.xyz<br>
<b>Subject:</b> Re: [Openid-specs-ab] Defining JWT Claims to represent W3C Verifiable Credentials objects</span></p>
</div>
</div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
</p>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<span style="font-family:"Calibri",sans-serif; color:black">VC specification defined `vp`, `vc` claims, but they are defined only to include "those parts of the standard verifiable credentials and verifiable presentations where no explicit encoding rules for
JWT exist". Hence `vp`, `vc` claims are only a part of the entire VP, VC. </span></p>
</div>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<span style="font-family:"Calibri",sans-serif; color:black"> </span></p>
</div>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<span style="font-family:"Calibri",sans-serif; color:black; background:white">There is a need to define a standard way to return VPs using OpenID Connect, and the proposal is to use `vp_jwt`, `vp_ldp` claims that would include the entire VP inside the ID token.
(VP in a JWT format inside `vp_jwt` would include `vp` claim) </span><span style="font-family:"Calibri",sans-serif; color:black"></span></p>
</div>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<span style="font-family:"Calibri",sans-serif; color:black; background:white">Example can be found here: <a href="https://hackmd.io/grbDXDHqTE6lhu6fvVFIuA">Examples
for the vp_jwt, vp_ldp proposal - HackMD</a></span><span style="font-family:"Calibri",sans-serif; color:black"></span></p>
</div>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<span style="font-family:"Calibri",sans-serif; color:black"> </span></p>
</div>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<span style="font-family:"Calibri",sans-serif; color:black">Note that this proposal is intended to work not only with SIOP V2, but also if VPs are to be returned from the user_info endpoint for example.</span></p>
</div>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<span style="font-family:"Calibri",sans-serif; color:black"> </span></p>
</div>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<span style="font-family:"Calibri",sans-serif; color:black; background:white">Best,</span><span style="font-family:"Calibri",sans-serif; color:black"></span></p>
</div>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<span style="font-family:"Calibri",sans-serif; color:black; background:white">Kristina</span><span style="font-family:"Calibri",sans-serif; color:black"></span></p>
</div>
<div class="x_MsoNormal" align="center" style="margin: 0in; font-size: 12pt; font-family: SimSun;text-align:center">
<hr size="2" width="98%" align="center">
</div>
<div id="x_divRplyFwdMsg">
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<b><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:black">From:</span></b><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:black"> Openid-specs-ab <<a href="mailto:openid-specs-ab-bounces@lists.openid.net">openid-specs-ab-bounces@lists.openid.net</a>>
on behalf of ANTHONY NADALIN via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>><br>
<b>Sent:</b> April 8, 2021 10:09<br>
<b>To:</b> Artifact Binding/Connect Working Group <<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>><br>
<b>CC:</b> Anthony Nadalin <<a href="mailto:nadalin@prodigy.net">nadalin@prodigy.net</a>>;
<a href="mailto:oliver.terbu@mesh.xyz">oliver.terbu@mesh.xyz</a> <<a href="mailto:oliver.terbu@mesh.xyz">oliver.terbu@mesh.xyz</a>><br>
<b>Subject:</b> Re: [Openid-specs-ab] Defining JWT Claims to represent W3C Verifiable Credentials objects</span> </p>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
</p>
</div>
</div>
<div>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<span style="font-size:11.0pt; font-family:"Arial",sans-serif; color:black">I don't quite understand this proposal, as if you read the verifiable credential specification you will see a section called JWT encoding and JWT decoding. Based upon what Mike has written,
I don't understand how you could abide by a fully compliant verifiable credential specification without encoding and decoding JWTs into verifiable credentials.</span></p>
</div>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<span style="font-size:11.0pt; font-family:"Arial",sans-serif; color:black"> </span></p>
</div>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<span style="font-size:11.0pt; font-family:"Arial",sans-serif; color:black"> </span></p>
</div>
<div class="x_MsoNormal" align="center" style="margin: 0in; font-size: 12pt; font-family: SimSun;text-align:center">
<hr size="2" width="98%" align="center">
</div>
<div id="x_x_divRplyFwdMsg">
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<b><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:black">From:</span></b><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:black"> Openid-specs-ab <<a href="mailto:openid-specs-ab-bounces@lists.openid.net">openid-specs-ab-bounces@lists.openid.net</a>>
on behalf of Tom Jones via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>><br>
<b>Sent:</b> Wednesday, April 7, 2021 6:00:29 PM<br>
<b>To:</b> Artifact Binding/Connect Working Group <<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>><br>
<b>Cc:</b> Tom Jones <<a href="mailto:thomasclinganjones@gmail.com">thomasclinganjones@gmail.com</a>>;
<a href="mailto:oliver.terbu@mesh.xyz">oliver.terbu@mesh.xyz</a> <<a href="mailto:oliver.terbu@mesh.xyz">oliver.terbu@mesh.xyz</a>><br>
<b>Subject:</b> Re: [Openid-specs-ab] Defining JWT Claims to represent W3C Verifiable Credentials objects</span>
</p>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
</p>
</div>
</div>
<div>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
I have an alternate proposal. In my system the claim should have a name that represents what it is. For example the existing claims acr and amr should be enabled to carry a vc or vp as its value. In this system the encoding of the value would carry the syntax of
the claim, be it vc-json, vc-ld or whatever. The one proposal I did make was to use jose encoding. If we wanted to use this the jose header could contain the syntax of the contained element as Mike has indicated in his proposal.
</p>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
</p>
</div>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
I think it is not helpful for the name of the claim to be just the syntax of the element.</p>
</div>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<br clear="all">
</p>
<div>
<div>
<div>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
<span style="font-size:10.5pt; color:black; background:#F2F2F2">Be the change you want to see in the world
</span>..tom</p>
</div>
</div>
</div>
</div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
</p>
</div>
</div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
</p>
<div>
<div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
On Wed, Apr 7, 2021 at 5:25 PM Mike Jones via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>> wrote:</p>
</div>
<blockquote style="border:none; border-left:solid #CCCCCC 1.0pt; padding:0in 0in 0in 6.0pt; margin-left:4.8pt; margin-right:0in">
<div>
<div>
<p class="x_xxmsonormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
In our discussions over the past few months, it’s become clear that there are multiple use cases where different forms of W3C Verifiable Credential objects will be communicated as JWT claims (or as UserInfo Endpoint claims). I had a useful conversation with
Oliver Terbu and Kristina Yasuda this week during which we agreed that it would be useful to write a short, focused specification defining and registering JWT claims enabling standard representations for this purpose. These claims could be used both by SIOP
use cases and other use cases.</p>
<p class="x_xxmsonormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
</p>
<p class="x_xxmsonormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
Bear in mind that the W3C Verifiable Credentials specification defines two representations of the objects that it defines – JWT and JSON-LD and it also orthogonally defines two kinds of objects – Verifiable Credentials and Verifiable Presentations. Thus, there
are actually four different data types that these use cases might want to utilize.</p>
<p class="x_xxmsonormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
</p>
<p class="x_xxmsonormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
I would therefore propose the following four claim definitions for these purposes:</p>
<p class="x_xxmsonormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
</p>
<ul type="disc" style="margin-bottom: 0in;">
<li class="x_xxgmail-m945014664908734494msolistparagraph" style="margin-right: 0in; margin-left: 0in; font-size: 12pt; font-family: SimSun;">
<b><span style="font-family:"Courier New"">vc_jwt</span></b>: A claim whose value is a W3C Verifiable Credential object using the JWT representation, which is a JSON string. The claim’s value may also be an array of W3C Verifiable Credential objects using
the JWT representation if the use case calls for multiple JWT VCs.</li><li class="x_xxgmail-m945014664908734494msolistparagraph" style="margin-right: 0in; margin-left: 0in; font-size: 12pt; font-family: SimSun;">
<b><span style="font-family:"Courier New"">vp_jwt</span></b>: A claim whose value is a W3C Verifiable Presentation object using the JWT representation, which is a JSON string. The claim’s value may also be an array of W3C Verifiable Presentation objects using
the JWT representation if the use case calls for multiple JWT VPs.</li><li class="x_xxgmail-m945014664908734494msolistparagraph" style="margin-right: 0in; margin-left: 0in; font-size: 12pt; font-family: SimSun;">
<b><span style="font-family:"Courier New"">vc_ld</span></b>: A claim whose value is a W3C Verifiable Credential object using the JSON-LD representation, which is a JSON object. The claim’s value may also be an array of W3C Verifiable Credential objects using
the JSON-LD representation if the use case calls for multiple JSON-LD VCs.</li><li class="x_xxgmail-m945014664908734494msolistparagraph" style="margin-right: 0in; margin-left: 0in; font-size: 12pt; font-family: SimSun;">
<b><span style="font-family:"Courier New"">vp_ld</span></b>: A claim whose value is a W3C Verifiable Presentation object using the JSON-LD representation, which is a JSON object. The claim’s value may also be an array of W3C Verifiable Presentation objects
using the JSON-LD representation if the use case calls for multiple JSON-LD VPs.</li></ul>
<p class="x_xxmsonormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
</p>
<p class="x_xxmsonormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
Let’s discuss this proposal during the European-friendly Connect call ~13.5 hours from now.</p>
<p class="x_xxmsonormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
</p>
<p class="x_xxmsonormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
-- Mike</p>
<p class="x_xxmsonormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
</p>
</div>
</div>
<p class="x_MsoNormal" style="margin: 0in; font-size: 12pt; font-family: SimSun;">
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></p>
</blockquote>
</div>
</div>
</div>
</div>
</div>
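<p>Added example, not part of the thread or of any OpenID specification: a shape check a relying party could run over a decoded ID token payload or UserInfo response before processing the four claims proposed above. The claim names are Mike's; the specific checks (three-segment compact JWS carrying a <code>vc</code>/<code>vp</code> member, JSON-LD object carrying <code>@context</code> and the matching <code>type</code>) and all sample values are assumptions constructed for illustration, and no signature is verified.</p>

```python
import base64
import json

# Claim names are from the thread; the shape checks below are assumptions.
CLAIMS = {"vc_jwt": ("jwt", "vc"), "vp_jwt": ("jwt", "vp"),
          "vc_ld": ("ld", "VerifiableCredential"),
          "vp_ld": ("ld", "VerifiablePresentation")}

def _check_jwt(value, member):  # returns an error string, or None if well-formed
    if not isinstance(value, str):
        return "JWT representation must be a JSON string"
    parts = value.split(".")
    if len(parts) != 3:
        return "not a compact JWS (expected three segments)"
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        payload = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers base64, UTF-8 and JSON decoding errors
        return "payload is not base64url-encoded JSON"
    if not isinstance(payload, dict) or member not in payload:
        return f"payload lacks the '{member}' claim"

def _check_ld(value, member):  # returns an error string, or None if well-formed
    if not isinstance(value, dict):
        return "JSON-LD representation must be a JSON object"
    types = value.get("type", [])
    types = types if isinstance(types, list) else [types]
    if "@context" not in value or member not in types:
        return f"missing @context or type '{member}'"

def check_vc_claims(claims):
    """Map each VC/VP claim present in a decoded ID token payload or UserInfo
    response to a list of shape errors. No signature is verified here."""
    report = {}
    for name, (rep, member) in CLAIMS.items():
        if name in claims:
            value = claims[name]
            items = value if isinstance(value, list) else [value]
            check = _check_jwt if rep == "jwt" else _check_ld
            found = [(i, check(item, member)) for i, item in enumerate(items)]
            report[name] = [f"[{i}] {err}" for i, err in found if err]
    return report

def _sample_jwt(payload):
    # Constructed sample with a placeholder signature; it cannot be verified.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'ES256'})}.{enc(payload)}.c2ln"

SAMPLE = {  # constructed claim set mixing well-formed and malformed values
    "sub": "did:example:holder",
    "vp_jwt": _sample_jwt({"vp": {"type": ["VerifiablePresentation"]}}),
    "vc_jwt": [_sample_jwt({"iss": "did:example:issuer"}), {"not": "a string"}],
    "vc_ld": {"@context": ["https://www.w3.org/2018/credentials/v1"],
              "type": ["VerifiableCredential"]},
    "vp_ld": "eyJhbGciOiJFUzI1NiJ9.e30.c2ln",
}

if __name__ == "__main__":
    print(json.dumps(check_vc_claims(SAMPLE), indent=2))
```

<p>A claim that passes this check is only well-formed; each embedded VC or VP still has to be validated under the VC specification's own rules, independently of the enclosing ID token.</p>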
</body>
</html>